Feb 24, 2012
tom

How do I force BIND9 to bind to a specific IP?

Question

This is my setup:

$ ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet 10.0.2.0/24 scope global lo
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever

‘lo’ is magical in the sense that that 10.0.2.0/24 line actually creates ~250 bindable addresses. Most daemons bind to these without trouble. However, this does not work in my BIND9-config:

listen-on port 53 { 10.0.2.15; };

(I’ve tried without “port 53” too). The problem is that for BIND, listen-on is like a “binding whitelist”, that it matches to all IPs it can find on all interfaces. In this case, it does not find 10.0.2.15 on any interfaces, so it does not bind.

Can anyone recommend a workaround? I should point out that this is a testing setup on which I am moving things around all the time so I would prefer a solution that does not involve too many moving parts.

Asked by Habbie

Answer

After a bit of testing… Bind doesn’t appear to work the way you have observed other daemons working. I have noted 2 workarounds. The first is to add an additional address to lo to allow bind to bind to it:

ip addr add 10.0.2.15/32 dev lo

The second is to change the address bind listens on to 10.0.2.0.

Answered by Iain
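
The mismatch described in the question and answer can be checked before restarting named. The script below is an added example, not code from either poster or from BIND: it compares the literal addresses in a listen-on list with the addresses that `ip addr` actually lists, and flags any that are only covered by a subnet on a loopback device. The function names, the category labels and the sample input are constructed for illustration, and the named.conf parsing is deliberately simple.

```python
import ipaddress
import re

# Constructed sample input that mirrors the setup in the question.
SAMPLE_IP_ADDR = """\
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet 10.0.2.0/24 scope global lo
    inet6 ::1/128 scope host
"""
SAMPLE_NAMED_CONF = "options { listen-on port 53 { 10.0.2.15; }; };"

def interface_addresses(ip_addr_output):
    """Parse `ip addr` text into (is_loopback, ip_interface) pairs."""
    pairs, loopback = [], False
    for line in ip_addr_output.splitlines():
        header = re.match(r"\d+:\s+\S+:\s+<([^>]*)>", line)
        if header:
            loopback = "LOOPBACK" in header.group(1).split(",")
            continue
        entry = re.match(r"\s+inet6?\s+(\S+)", line)
        if entry:
            pairs.append((loopback, ipaddress.ip_interface(entry.group(1))))
    return pairs

def listen_on_addresses(named_conf):
    """Literal addresses in listen-on lists; ACL names, prefixes, negations are skipped."""
    found = []
    for body in re.findall(r"listen-on\b[^{;]*\{([^}]*)\}", named_conf):
        for item in body.split(";"):
            try:
                found.append(ipaddress.ip_address(item.strip()))
            except ValueError:
                pass  # not a plain address (e.g. "any", an ACL name, a prefix)
    return found

def classify(named_conf, ip_addr_output):
    """Map each listen-on address to how the host knows it."""
    ifaces = interface_addresses(ip_addr_output)
    report = {}
    for addr in listen_on_addresses(named_conf):
        if any(addr == iface.ip for _, iface in ifaces):
            report[str(addr)] = "on-interface"          # listed, so listen-on can match it
        elif any(lo and addr in iface.network for lo, iface in ifaces):
            report[str(addr)] = "loopback-subnet-only"  # bindable, but never listed
        else:
            report[str(addr)] = "absent"
    return report
```

On a live host, pass the output of `ip addr` and the contents of the named configuration file to classify(); anything reported as "loopback-subnet-only" needs one of the two workarounds from the answer.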
